These Trojan Horse Twins called 80000032.@ and 80000064.@ are destroying my life

frankocean89:
DONE! I hope it worked!

frankocean89:
Does anyone know what I should do next??

magna86:
You don't need internet any more. When I look at the FRST log I shall write a FRST script for killing and fixing this rootkit.

I will be back soon.

mchain:

--- Quote from: frankocean89 on October 08, 2013, 04:39:28 PM ---
--- Quote from: Eddy on October 08, 2013, 04:38:25 PM ---Often when you can not download through a web-browser, ftp is still working.

--- End quote ---
what is ftp?

--- End quote ---
hi frankocean89,

When in a bind, do the simplest things first.  That is, get to where you are following magna's original instructions.

Workaround re no internet access:

Simplest way to do that is to download all files you need on a clean computer and transfer them over to your sick system via a USB stick. To prevent infections on your clean system via USB, install this tool on it first: http://www.mcshield.net/ You'll not need to worry about transferring malware from your sick system to the clean one if this is installed and in place before you begin. You'll be able to transfer needed programs over, or needed logs back to the clean system to post back here as you go along.

magna86:
Frankocean89,
This will kill the ZA rootkit and all its related files.


Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.

--- Code: ---
START
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-01] (APN)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-10-01] (APN LLC.)
C:\Program Files\AskPartnerNetwork
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\   \...\???\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\SAMSUNG\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Users\SAMSUNG\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\SAMSUNG\AppData\Local\Temp\lowproc.exe
C:\Users\SAMSUNG\AppData\Local\Temp\msimg32.dll
C:\Users\SAMSUNG\AppData\Local\Temp\Offercast2802_MYC_.exe
C:\Users\SAMSUNG\AppData\Local\Temp\rnsetup0.exe
C:\Users\SAMSUNG\AppData\Local\Temp\SkypeSetup.exe
C:\Users\SAMSUNG\AppData\Local\Temp\stubhelper.dll
C:\Users\SAMSUNG\AppData\Local\Temp\The History of Love Downloader.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
END

--- End code ---
- Save it to your USB flashdrive as fixlist.txt

=> Or you may download the attached file. It is the fixlist.txt created for FRST.

>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.


 >>  Exit out of Recovery Environment and post me the log please.


-------------------- Next -----------------


Can you please boot back to normal mode Windows, and re-run FRST;

- Under Optional Scan ensure "Addition.txt" is ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- It also makes another log (Addition.txt). Please attach it to your reply.
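
An added example, not part of magna86's post and not FRST's own code: a small Python reader that classifies the entries of a fixlist like the one above, so the file can be read through before it is handed to FRST. The line shapes are inferred only from the fixlist posted in this thread, and `parse_fixlist` and `review` are hypothetical helper names.

```python
import re
from collections import Counter

# Sample input: a shortened copy of the fixlist posted above.
SAMPLE = r"""START
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-01] (APN)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-10-01] (APN LLC.)
C:\Program Files\AskPartnerNetwork
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\   \...\???\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\SAMSUNG\AppData\Local\Temp\lowproc.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
END
"""

# Line shapes inferred only from the fixlist on this page (an assumption,
# not FRST's documented grammar). Order matters: registry before directive.
RULES = [
    ("registry", re.compile(r"^HK\w+\\")),          # HKLM\...\Run: [...]
    ("service", re.compile(r"^S\d+ \S+;")),         # S2 name; path
    ("path", re.compile(r"^[A-Za-z]:\\")),          # bare file or folder path
    ("directive", re.compile(r"^[A-Za-z]{2,}:\s")), # Keyword: argument
]

def parse_fixlist(text):
    """Return one dict per entry between the START and END marker lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "START" not in lines or "END" not in lines:
        raise ValueError("fixlist is missing its START or END line")
    body = lines[lines.index("START") + 1 : lines.index("END")]
    entries = []
    for ln in body:
        kind = next((k for k, rx in RULES if rx.search(ln)), "unknown")
        entries.append({"kind": kind, "line": ln, "flagged": "ATTENTION" in ln})
    return entries

def review(text):
    """Summarise what the fixlist touches so it can be read before use."""
    entries = parse_fixlist(text)
    return {
        "counts": dict(Counter(e["kind"] for e in entries)),
        "flagged": [e["line"] for e in entries if e["flagged"]],
        "unknown": [e["line"] for e in entries if e["kind"] == "unknown"],
    }

if __name__ == "__main__":
    report = review(SAMPLE)
    print(report["counts"])
    for ln in report["flagged"]:
        print("flagged:", ln)
```

Any line reported under `unknown` is one that does not match a shape seen in this thread and is worth checking against the original FRST log before running the fix.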


